A sysadmin blog about Linux and cloud IaaS

I was trying to attach an Encrypted EBS volume to an instance managed with OpsWorks. But after registering the EBS volume to OpsWorks stack and setting up the mount point to /srv/backups the instance refused to start with a message about not all volumes being mounted.

I suspected immediately it was a problem with the encryption and after googling around found this useful answer on AWS forum: https://forums.aws.amazon.com/thread.jspa?messageID=697774

So I went back to IAM and created a new Encryption key from the interface and gave both aws-opsworks-service-role and aws-opsworks-ec2-role access to that key. The weird thing is that the EBS was encrypted with default aws/ebs key, but somehow OpsWorks still managed to start the instance and mount the encrypted EBS.